CISO Daily Update - July 25, 2024
NEW DEVELOPMENTS
Pentagon & NASA IT Service Provider Hacked – Confidential Data Leaked Online – Exclusive!
Source: Cyber Press
Major IT service provider Leidos Holdings reportedly suffered a data breach. The company derives 87% of its revenue from government contracts and provides services to U.S. government agencies including the Pentagon, Homeland Security, and NASA. Attackers leaked confidential Leidos documents online totaling one gigabyte, including various file types such as zip, msg, doc, and pdf, with technical assistance information and customer data. The breach was discovered on data leak forums, with criminals offering the stolen information for sale at $30,000. Leidos suggests the breach may be linked to a previously disclosed incident involving Diligent Corp., and asserts that its network and sensitive customer data remain unaffected.
CrowdStrike Blames a Test Software Bug for That Giant Global Mess It Made
Source: The Register
CrowdStrike attributed last week's massive crash of 8.5 million Windows systems to a bug in its test software, specifically a failure in the "Content Validator." The issue arose from a problematic "InterProcessCommunication (IPC) Template Instance" released on July 19, which bypassed additional checks because of prior successful deployments. The fault led to an out-of-bounds memory read that caused system crashes. CrowdStrike plans to enhance its testing protocols, implement staggered releases, offer more user control over updates, and provide detailed release notes. A full root cause analysis will be released after its investigation concludes.
TracFone to Pay $16 Million to Settle FCC Cyber and Privacy Investigation
Source: The Record
Verizon subsidiary TracFone Wireless will pay a $16 million civil penalty to settle an FCC investigation into three data breaches over two years due to inadequate API security. These breaches compromised customer network information and personally identifiable information, and led to unauthorized port-outs. The settlement requires TracFone to enhance API security, establish an information security program adhering to NIST and OWASP standards, improve SIM and port-out safeguards, undergo annual third-party assessments, and train employees and third-party workers on privacy and security. The FCC emphasizes the importance of API security for all carriers.
57,000 Patients Impacted by Michigan Medicine Data Breach
Source: Security Week
Michigan Medicine informed about 57,000 individuals that their personal and health information may have been compromised in a data breach involving employee email accounts. The breach was discovered between May 23 and May 29, 2024; it did not initially appear to target patient data specifically, but theft is presumed given the email account access. Data likely impacted includes names, addresses, dates of birth, medical records, health insurance details, and some patient SSNs. Michigan Medicine has implemented enhanced security measures and has started notifying affected individuals.
Biggest-Ever Leak of Digital Pirates: 10 Million Exposed by Z-Library Copycat
Source: Cybernews
A data breach exposed the personal information of nearly 10 million users who unknowingly accessed a malicious clone of the e-book piracy site Z-Library. Researchers uncovered an exposed database containing usernames, email addresses, passwords, and cryptocurrency wallet addresses of 9,761,948 users. This leak, stemming from a scam operation that mimicked the original Z-Library following its 2022 shutdown, surpasses the 2007 Pirate Bay breach in scale. Users are urged to change passwords, secure their crypto assets, and cease using illegal services.
AT&T Outage Due to Failed Network Update, FCC Releases New Findings
Source: Cybernews
The FCC's investigation into AT&T's February 22nd outage revealed that procedural errors and a failed network update caused a 12-hour disruption that blocked 92 million calls and 25,000 emergency 911 attempts. The outage affected AT&T's 5G network and FirstNet, hindering public safety communications. The FCC's report cited eight contributing factors, including configuration errors, poor internal procedure adherence, and inadequate testing. The FCC criticized AT&T for lacking network controls to prevent and mitigate such disruptions and referred the telecom to the US Public Safety and Homeland Security’s Enforcement Bureau for potential violations.
Network of Ghost GitHub Accounts Successfully Distributes Malware
Source: Help Net Security
Check Point researchers discovered the "Stargazers Ghost Network," a vast network of over 3,000 GitHub accounts used to distribute malware and phishing links. These accounts distribute various malware types, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine. The network evades detection by using password-protected files, dividing tasks among different accounts, and automating actions to appear legitimate. Despite GitHub’s efforts to take down these accounts, the network continues to operate and adapt. Future threats may leverage AI for more targeted phishing campaigns.
Ransomware Ecosystem Fragmenting Under Law Enforcement Pressure and Distrust
Source: The Record
Ransomware attacks are evolving as cybercriminals adapt to increased law enforcement pressure and internal distrust. Veteran hackers are moving away from large ransomware-as-a-service (RaaS) platforms, opting instead to develop their own malware variants using leaked tools. This shift, driven by recent law enforcement takedowns and high-profile exit scams, is fragmenting the ransomware ecosystem. However, experts warn that this fragmentation may not reduce overall attacks, as the cybercrime market continues to profit from exploiting software vulnerabilities. While independent operations may face new challenges, the lowering barrier to entry and the shift toward extortion-only attacks could maintain the threat level.
VULNERABILITIES TO WATCH
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
Source: The Hacker News
A recently patched flaw in Microsoft Defender SmartScreen (CVE-2024-21412) was exploited to distribute ACR, Lumma, and Meduza stealers. Fortinet FortiGuard Labs identified a campaign targeting Spain, Thailand, and the U.S., using booby-trapped files that bypass SmartScreen protection to deliver this malware. Attackers lure victims with crafted links leading to malicious files, which download executable files containing HTML Application scripts. These scripts decrypt PowerShell code, fetching a decoy PDF and a shellcode injector, eventually deploying the stealers. ACR Stealer, advertised in March 2024, uses a dead drop resolver technique on the Steam community website, while Lumma Stealer and Meduza continue leveraging similar methods for resilience.
Organizations Warned of Exploited Twilio Authy Vulnerability
Source: Security Week
CISA warns of active exploitation of CVE-2024-39891, a vulnerability in Twilio Authy affecting Android versions before 25.1.0 and iOS versions before 26.1.0. This flaw in an unauthenticated endpoint leaks phone number data, allowing attackers to identify whether a number is registered with Authy. Although no Authy accounts were compromised, the data exposure could lead to phishing and smishing attacks. Twilio secured the endpoint and urges users to update their apps. CISA added this vulnerability to its Known Exploited Vulnerabilities catalog, urging organizations to address it by August 13.
Chrome 127 Patches 24 Vulnerabilities
Source: Security Week
Chrome 127 was released with critical security updates, addressing 24 vulnerabilities, including 16 reported by external researchers. This latest version patches five high-severity flaws, with memory safety bugs being the most common issue. Key fixes include use-after-free vulnerabilities in Downloads, Loader, and Dawn, as well as an out-of-bounds memory access in ANGLE. Google awarded over $55,000 in bug bounties, with more payouts pending. While no exploits were reported in the wild, users are strongly advised to update their browsers immediately to versions 127.0.6533.72/73 for Windows and macOS, and 127.0.6533.72 for Linux.
Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment
Source: Security Week
Siemens issued critical out-of-band security updates for vulnerabilities in its Sicam power grid products, including the A8000 remote terminal unit, Enhanced Grid Sensor, and Sicam 8 software. The most severe flaw (CVE-2024-3799) allows unauthorized admin access by resetting passwords when auto-login is enabled. A second vulnerability (CVE-2024-39601) enables authenticated remote attackers or those with physical access to downgrade firmware, potentially facilitating backdoor installation. Siemens released firmware updates to address these issues with workarounds also available. Users are strongly advised to apply these patches promptly to protect critical energy infrastructure from potential exploitation.
SPECIAL REPORTS
Navigating the Complex Landscape of Web Browser Security
Source: Darkreading
Web browser security has become a critical concern as cloud usage increases and organizations face challenges in managing multiple browsers and vulnerabilities. A typical employee may use one to four browsers, which complicates technology and security efforts. Recent zero-day vulnerabilities in popular browsers like Chrome and Safari highlight the ongoing risks. While some browsers report more vulnerabilities than others, the key lies in effective vulnerability management rather than switching browsers. Organizations must balance robust patch management, security policies, and user education to mitigate risks. Additional challenges include managing frequent updates, dealing with potentially harmful extensions, and maintaining productivity. As browsers become increasingly central to business operations, a comprehensive approach to browser security is essential for protecting critical systems and data.
Unprecedented Global Cyberattack Prevalence Reported in Q2
Source: SC Media
The second quarter of 2024 saw an unprecedented surge in global cyberattacks, with organizations worldwide facing an average of 1,636 weekly incidents, a 25% increase from the already record-breaking first quarter. This alarming trend is attributed to increasingly sophisticated threat actors and advancements in AI and machine learning. Education, research, government, military, and healthcare sectors were the primary targets. While North America experienced fewer attempted attacks, it suffered the most from ransomware intrusions. Check Point emphasizes the urgent need for robust cybersecurity frameworks and customized strategies to combat the evolving threat landscape, urging organizations to prioritize cybersecurity measures to prepare for future waves of attacks.
Dynamic IT Lead | SysAdmin & Fullstack Dev | Cybersecurity Focused | 10+ Years
8 months
Imagine the impact $16 million in security enhancements could have had on TracFone. This truly highlights the critical need for continuous validation and monitoring of cybersecurity infrastructure and governance. Even if this is covered by cyber-insurance, going forward, carrier selection will be scant and premiums will go through the roof. One way or another, you're going to pay.